stevek1835
Explorer

Limit access to a single external address over a certain port to only allow USA address to connect

Hello,

We're new in the Check Point world and had a question about limiting access.

We use a client-based VPN that uses a TCP High Port to allow external connections to come in. We have cert-based deployment to allow/deny connections, but we are looking to take that one step further and block all connections from outside of the USA to the external address and port that our client-based VPN uses.

Is there a way to do this in Check Point? We're running an HA pair of 6400 currently in our environment.

0 Kudos
2 Replies
Alex-
Advisor

You can use an updatable object to select United States as source of your rule then block the rest.

Something like Source: United States - Destination: your VPN public IP - Service: VPN Service - Action: Accept - Log

followed by Source: Any - Destination: Your VPN public IP - Service: Any - Action: Drop - Log

0 Kudos
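The rule pair from the reply above, modelled as an added example that is not part of the original thread and is not Check Point code. It assumes top-down first-match evaluation within one ordered layer; the IP ranges, VPN address, port and rule names are constructed placeholders.

```python
import ipaddress

# Constructed stand-in for the country updatable object (documentation range, not real geo data).
GEO = {"United States": [ipaddress.ip_network("192.0.2.0/24")]}
VPN_IP, VPN_PORT = "203.0.113.10", 44300  # hypothetical public IP and TCP high port

# The two rules from the reply, in order. None stands for "Any".
RULES = [
    {"name": "VPN from US", "src": "United States", "dst": VPN_IP,
     "port": VPN_PORT, "action": "Accept"},
    {"name": "VPN block rest", "src": None, "dst": VPN_IP,
     "port": None, "action": "Drop"},
]

def src_matches(rule_src, ip):
    """True if the rule source is Any or the IP falls in the named country's ranges."""
    if rule_src is None:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in GEO[rule_src])

def evaluate(rules, src_ip, dst_ip, dst_port):
    """Walk the rules top to bottom and return (action, rule name) of the first match."""
    for r in rules:
        if (src_matches(r["src"], src_ip)
                and r["dst"] in (None, dst_ip)
                and r["port"] in (None, dst_port)):
            return r["action"], r["name"]
    # Assumption for this model: anything unmatched is dropped.
    return "Drop", "implicit cleanup"

if __name__ == "__main__":
    # Constructed sample connections: (source IP, destination IP, destination port)
    samples = [
        ("192.0.2.7", VPN_IP, VPN_PORT),     # US source, VPN port
        ("198.51.100.9", VPN_IP, VPN_PORT),  # non-US source, VPN port
        ("192.0.2.7", VPN_IP, 22),           # US source, other service on the VPN IP
    ]
    for conn in samples:
        print(conn, "->", evaluate(RULES, *conn))
    # Reversed order: the Any/Drop rule shadows the accept rule.
    print("reversed:", evaluate(RULES[::-1], "192.0.2.7", VPN_IP, VPN_PORT))
```

Because the second rule uses Service: Any, it also drops every other service to the VPN public IP, including from US sources; anything else that must reach that address needs its own rule above it.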
Danny
Champion

Desktop Security Policy does not support updatable objects.

0 Kudos